| Vulnerability Name: | CVE-2016-6703 (CCN-119493) | ||||||||||||||||
| Assigned: | 2016-11-17 | ||||||||||||||||
| Published: | 2016-11-17 | ||||||||||||||||
| Updated: | 2016-12-06 | ||||||||||||||||
| Summary: | A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a specially crafted payload to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Android runtime. Android ID: A-30765246. | ||||||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||||||
| Vulnerability Type: | CWE-284 | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: CCN Type: Google Web site Android Source: MITRE Type: CNA CVE-2016-6703 Source: BID Type: Third Party Advisory, VDB Entry 94161 Source: CCN Type: BID-94161 Google Android Runtime Library CVE-2016-6703 Remote Code Execution Vulnerability Source: XF Type: UNKNOWN android-cve20166703-code-exec(119493) Source: CCN Type: Android Open Source Project Android Security BulletinNovember 2016 Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2016-11-01.html Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-6703 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||